Archive for May, 2010

How to setup a VPN server on a CentOS VPS instantly

Uncategorized | Posted by admin
May 20 2010

We have made a small and dirty bash script which installs and configures OpenVPN on CentOS 5 32bit. The VPN server's primary (and only) use is for safe browsing, i.e. tunneling all your traffic through your VPS. The script also generates your client configuration file along with the necessary keys for authentication.

Requirements

1. CentOS 5 32bit minimal OS template

2. TUN/TAP device enabled on your VPS

3. iptables NAT support

You will have to open a ticket to ask for a TUN/TAP device to be enabled on your VPS. If you're not a customer of ours and your host's support staff doesn't know how to do this, you may tell them to execute the following commands on the hardware node where your VPS is hosted.

vzctl stop YOUR_VEID
vzctl set YOUR_VEID --devices c:10:200:rw --save
vzctl set YOUR_VEID --capability net_admin:on --save
vzctl start YOUR_VEID
vzctl exec YOUR_VEID "mkdir -p /dev/net; mknod /dev/net/tun c 10 200; chmod 600 /dev/net/tun"
# iptables support
vzctl stop YOUR_VEID
vzctl set YOUR_VEID --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
vzctl start YOUR_VEID

Make sure they replace 'YOUR_VEID' with your VPS's VEID and you will be ready to roll.

Log in to your VPS as root and execute the following commands:

wget http://vpsnoc.com/scripts/install-openvpn.sh
chmod +x install-openvpn.sh
./install-openvpn.sh

You will be prompted to enter values for your server and client certificates; feel free to accept (hit enter) the default values. It's not recommended to set a password for your server certificate, as you will have to type in the password each time you wish to start/restart the openvpn daemon.
You can however set a password for your client's certificate, since it offers an extra layer of protection in case your certificate and key files are compromised. You will be prompted for that password each time you connect to your VPS's VPN.

Once the script has finished installing openvpn (should be very quick), the client keys and the openvpn client configuration file will be archived in /root/keys.tgz
You may use an sftp/scp client such as winscp or filezilla to download the archive to your computer.

If you haven't already installed openvpn for windows you may do so now.
You may use winrar or 7zip to extract the content of keys.tgz in C:\Program Files\OpenVPN\config\VPN (create a folder named VPN there)
Once you have extracted the files from keys.tgz in the above folder, you may start openvpn-gui from the start menu, right click the tray icon, go to VPN and click connect. Once the icon turns green all your traffic will be forwarded through your VPS; no extra configuration on your browser/IM client/email client is necessary.
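
A check worth running on the extracted archive before connecting, added here as an example and not part of the vpsnoc.com script. It assumes the file names the script produces (ca.crt, client1.crt, client1.key and a .ovpn file); the function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# audit_bundle DIR: print one finding per line; the exit status is the finding count.
audit_bundle() {
    dir=$1
    findings=0
    # The CA private key signs new certificates; a client never needs it.
    if [ -e "$dir/ca.key" ]; then
        echo "ca.key present: delete it here and keep it only on the CA host"
        findings=$((findings + 1))
    fi
    # Files the client cannot connect without.
    for f in ca.crt client1.crt client1.key; do
        if [ ! -s "$dir/$f" ]; then
            echo "$f missing or empty"
            findings=$((findings + 1))
        fi
    done
    # A passphrase-protected PEM key carries an ENCRYPTED marker in its header.
    if [ -s "$dir/client1.key" ] && ! grep -q 'ENCRYPTED' "$dir/client1.key"; then
        echo "client1.key is not passphrase-protected"
        findings=$((findings + 1))
    fi
    # Without one of these directives the client accepts any certificate
    # issued by the CA as the server's.
    for conf in "$dir"/*.ovpn; do
        [ -e "$conf" ] || continue
        if ! grep -Eq '^[[:space:]]*(remote-cert-tls|ns-cert-type)[[:space:]]+server' "$conf"; then
            echo "$(basename "$conf"): no server certificate check (ns-cert-type server or remote-cert-tls server)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: a directory shaped like a keys.tgz that still carries ca.key.
make_sample() {
    d=$(mktemp -d)
    for f in ca.crt ca.key client1.crt client1.csr; do echo constructed > "$d/$f"; done
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '(constructed, not a real key)' > "$d/client1.key"
    printf '%s\n' client 'remote 192.0.2.10 1194' 'dev tun' 'ca ca.crt' > "$d/vps.ovpn"
    echo "$d"
}

sample=$(make_sample)
audit_bundle "$sample" || echo "findings: $?"
rm -rf "$sample"
```

Point it at the real folder with `audit_bundle /path/to/extracted/keys`; an exit status of 0 means none of the three conditions was found.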

If you're facing issues make sure that your computer's clock is correct; if so, make sure that your VPS's clock is correct as well. If it's not you will have to ask your host to sync it.

For any additional issues and suggestions please email us at help@vpsnoc.com

You may use and modify this script as you see fit, provided that you do not edit the original copyright.

#!/bin/bash
# Quick and dirty OpenVPN install script
# Tested on CentOS 5.x 32bit, openvz minimal CentOS OS templates
# Please submit suggestions and questions at help@vpsnoc.com

# John Malkowski vpsnoc.com 01/04/2010

# Public IP of the VPS, read from the venet0:0 interface configuration
ip=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-venet0:0 | awk -F= '{print $2}'`

# Add the RPMforge repository, which carries the openvpn package
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -iv rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rm -rf rpmforge-release-0.3.6-1.el5.rf.i386.rpm

yum -y install openvpn openssl openssl-devel
cd /etc/openvpn/
cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
. ../vars
./clean-all
source ./vars

# Build the CA non-interactively by accepting every default
echo -e "\n\n\n\n\n\n\n" | ./build-ca
clear
echo "####################################"
echo "Feel free to accept default values"
echo "Wouldn't recommend setting a password here"
echo "Then you'd have to type in the password each time openVPN starts/restarts"
echo "####################################"
./build-key-server server
./build-dh
cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/

clear
echo "####################################"
echo "Feel free to accept default values"
echo "This is your client key, you may set a password here but it's not necessary"
echo "####################################"
./build-key client1
cd keys/

# Client configuration, written to $HOSTNAME.ovpn
client="
client
remote $ip 1194
dev tun
comp-lzo
ca ca.crt
cert client1.crt
key client1.key
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 10.8.0.1
verb 3"

echo "$client" > $HOSTNAME.ovpn

# ca.key (the CA private key) is left out of the client archive:
# the client only needs ca.crt, and ca.key can sign new certificates.
tar czf keys.tgz ca.crt client1.crt client1.csr client1.key $HOSTNAME.ovpn
mv keys.tgz /root

# Server configuration
opvpn='
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group nobody
daemon'

echo "$opvpn" > /etc/openvpn/openvpn.conf

# Enable forwarding and NAT the VPN subnet out through venet0
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables
sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables # dirty vz fix for iptables-save
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

/etc/init.d/openvpn start
clear

echo "OpenVPN has been installed
Download /root/keys.tgz using winscp or another sftp/scp client such as filezilla
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of keys.tgz there
Start openvpn-gui, right click the tray icon go to vpn and click connect"

How to install OpenVPN on a Debian/Ubuntu VPS instantly

Uncategorized, VPS | Posted by admin
May 11 2010

This is a follow up post to How to setup a VPN server on a CentOS VPS instantly; the same requirements and instructions apply.

Minor changes were made to the previous CentOS script to get it working under Debian and Ubuntu. We might create one single script which will install OpenVPN on most distributions and architectures in the future.

To install, issue the following commands logged in as root on your VPS (reply to this post if you are facing any issues)

wget http://vpsnoc.com/scripts/debian-openvpn.sh

chmod +x debian-openvpn.sh

./debian-openvpn.sh

For any additional issues and suggestions please email us at help@vpsnoc.com

You may use and modify this script as you see fit, provided that you do not edit the original copyright.

#!/bin/bash
# Quick and dirty OpenVPN install script
# Tested on debian 5.0 32bit, openvz minimal debian OS template
# and Ubuntu 9.04 32 bit minimal, should work on 64bit versions as well
# Please submit suggestions and questions at help@vpsnoc.com

# John Malkowski vpsnoc.com 01/18/2010

# Public IP of the VPS, read from the interfaces file (loopback excluded)
ip=`grep address /etc/network/interfaces | grep -v 127.0.0.1 | awk '{print $2}'`
apt-get update
apt-get install openvpn libssl-dev openssl
cd /etc/openvpn/
cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
. ./vars
./clean-all
source ./vars

# Build the CA non-interactively by accepting every default
echo -e "\n\n\n\n\n\n\n" | ./build-ca
clear
echo "####################################"
echo "Feel free to accept default values"
echo "Wouldn't recommend setting a password here"
echo "Then you'd have to type in the password each time openVPN starts/restarts"
echo "####################################"
./build-key-server server
./build-dh
cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/

clear
echo "####################################"
echo "Feel free to accept default values"
echo "This is your client key, you may set a password here but it's not necessary"
echo "####################################"
./build-key client1
cd keys/

# Client configuration, written to $HOSTNAME.ovpn
client="
client
remote $ip 1194
dev tun
comp-lzo
ca ca.crt
cert client1.crt
key client1.key
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 10.8.0.1
verb 3"

echo "$client" > $HOSTNAME.ovpn

# ca.key (the CA private key) is left out of the client archive:
# the client only needs ca.crt, and ca.key can sign new certificates.
tar czf keys.tgz ca.crt client1.crt client1.csr client1.key $HOSTNAME.ovpn
mv keys.tgz /root

# Server configuration
opvpn='
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group daemon
daemon'

echo "$opvpn" > /etc/openvpn/openvpn.conf

# Enable forwarding, NAT the VPN subnet out through venet0,
# and restore the rules whenever an interface comes up
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save > /etc/iptables.conf
echo "#!/bin/sh" > /etc/network/if-up.d/iptables
echo "iptables-restore < /etc/iptables.conf" >> /etc/network/if-up.d/iptables
chmod +x /etc/network/if-up.d/iptables
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

/etc/init.d/openvpn start
clear

echo "OpenVPN has been installed
Download /root/keys.tgz using winscp or another sftp/scp client such as filezilla
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of keys.tgz there
Start openvpn-gui, right click the tray icon go to vpn and click connect
For support/bug reports email us at help@vpsnoc.com"

cPanel Proxy: Server Wide Installation

Web server | Posted by admin
May 05 2010

cPanel Proxy is a small PHP script which allows users to access cPanel, WHM and Web Mail on port 80 by acting like a proxy. It's very helpful for people who are behind a firewall.

This tutorial guides you on how to make a server-wide installation of cPanel Proxy so all accounts created on your server get access to cPanel Proxy (can access cpanel on port 80)

Installing
Connect to your server via SSH and log in to your normal user account (for cPanel, this account needs to be a member of the wheel group), then 'su -' to root. At the prompt, type the following commands:
cd /usr/local/src
wget http://cpanelproxy.net/cPanelProxy.zip
mkdir cpanelproxy
cd cpanelproxy
unzip ../cPanelProxy.zip
cd ..
chown nobody.nobody cpanelproxy -R
chmod 755 cpanelproxy -R
mv cpanelproxy /usr/local/share

You have just downloaded the script and installed it, with the correct file ownership and permissions, into the /usr/local/share folder. The next step is to make a few changes to the Apache (web server) configuration file. Continue at the command prompt by typing the following:
pico /usr/local/apache/conf/httpd.conf

You will now be in the 'UW PICO' file editor. Scroll right down to the bottom of the file, and add the following lines:

<VirtualHost x.x.x.x>
ServerName cpanel.*
ServerAlias cpanel.* whm.* webmail.*
DocumentRoot /usr/local/share/cpanelproxy
</VirtualHost>

Replace x.x.x.x with all the IP addresses that are configured on your server, each separated by a space; optionally, only enter the IP addresses that you want to make the cPanel Proxy script available on. Once done, press [CTRL-O] then [RETURN] to save your changes, then press [CTRL-X] to exit the editor and return to the command prompt.
To enable the changes, we just need to restart Apache with the following command:
service httpd restart

Enabling Existing Accounts
Before you will be able to access the proxy script, we need to make some changes to DNS. For existing domains, some manual steps are required, as a few CNAME records need to be added to each domain's zone file. This can be done either through WHM, or via the command line.
If you want to do this via WHM, once logged in to WHM, click 'Edit a DNS Zone' from the 'DNS Functions' menu on the left, select the domain you wish to edit from the list, then click the 'Edit' button. Scroll the page to the top where it says 'Add New Entries Below this Line', and add the following two entries into the relevant boxes on the screen:
cpanel 14400 IN CNAME yourdomain.com.
webmail 14400 IN CNAME yourdomain.com.

Make sure you substitute in the real name of the domain you are editing, making sure that it ends with a dot as above. If you also want to add in a link to WHM, you can also add the following entry:
whm 14400 IN CNAME yourdomain.com.

I personally prefer to only do this on reseller domains, and my main domain, as normal users have no need to access WHM. Once you're done, click the 'Save' button to complete your changes.
If you want to make these changes via the command line, from your SSH session, type the following command to edit the zone file directly:
pico /var/named/yourdomain.com.db

Make sure you substitute in the real name of your domain into the command above. You will now be back in the 'UW PICO' file editor. Scroll to the end of the file, and add the following lines:
cpanel 14400 IN CNAME yourdomain.com.
webmail 14400 IN CNAME yourdomain.com.

Again, make sure you substitute in the real name of your domain, making sure that it ends with a dot as above. As mentioned previously, if you also want to add in a link to WHM, you can also add the following entry:
whm 14400 IN CNAME yourdomain.com.

Once done, press [CTRL-O] then [RETURN] to save your changes, then press [CTRL-X] to exit the editor and return to the command prompt. The final step is to force your DNS server to re-read its configuration files, so that your changes take effect. At the command line, type:
killall -HUP named

You should now be able to open your web browser to http://cpanel.yourdomain.com/ and be correctly prompted for your username and password.
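
Why the trailing dot matters, as an added example that is not part of the original tutorial: a CNAME target without the dot is relative, so the name server appends the zone origin to it. The function name and the sample zone fragment are constructed; the origin is assumed to be the domain the zone file belongs to.

```shell
#!/bin/sh
# check_proxy_cnames ORIGIN < zonefile
# Flags cpanel/webmail/whm CNAME records whose target lacks the trailing dot
# and prints the name that would actually be served. Exit status 1 if any is found.
check_proxy_cnames() {
    awk -v origin="$1" '
        $1 ~ /^(cpanel|webmail|whm)$/ && NF >= 3 && toupper($(NF-1)) == "CNAME" {
            target = $NF
            if (target !~ /\.$/) {
                # A relative name gets the zone origin appended.
                printf "%s: \"%s\" is relative, served as %s.%s.\n", $1, target, target, origin
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample zone fragment: the webmail record is missing its dot.
sample_zone() {
    cat <<'EOF'
cpanel  14400 IN CNAME yourdomain.com.
webmail 14400 IN CNAME yourdomain.com
whm     14400 IN CNAME yourdomain.com.
EOF
}

sample_zone | check_proxy_cnames yourdomain.com || echo "zone needs fixing"
```

Run it against a real zone with `check_proxy_cnames yourdomain.com < /var/named/yourdomain.com.db` before sending named the HUP signal.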

Enabling New Accounts
The final part of this HOW-TO is to enable the proxy script for all new accounts automatically, which avoids having to make the manual changes above in the future. From your SSH session, type the following commands:
pico /var/cpanel/zonetemplates/standard

You will now be in the 'UW PICO' file editor. Scroll to the bottom of the file, and add the following lines:
cpanel IN CNAME %domain%.
webmail IN CNAME %domain%.

Press [CTRL-O] then [RETURN] to save your changes, then press [CTRL-X] to exit the editor and return to the command prompt. Next, type the following, at the command prompt:
pico /var/cpanel/zonetemplates/standardvirtualftp

Again, you will now be back in the 'UW PICO' file editor. Scroll to the bottom of the file, and again add the following lines:
cpanel IN CNAME %domain%.
webmail IN CNAME %domain%.

Press [CTRL-O] then [RETURN] to save your changes, then press [CTRL-X] to exit the editor and return to the command prompt. You have now edited the default DNS zone template files, which are used to create the zone files for new domains. This means new accounts will automatically have the correct entries to access the cPanel Proxy script on their domain. I've not included the WHM entry, since I believe this should be manually added to reseller domains only, since normal users have no need to access WHM.

PS: This How-To was originally published by Unofficial-Help(.com) (http://unofficial-help.com/node/view/50). As the site doesn't exist any more I have used their tutorial from an old archive. All credits go to the original author (simon).
